CVE-2022-35969

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The implementation of Conv2DBackpropInput requires input sizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack.

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider validating the dimensions of input sizes before passing it to Conv2DBackpropInput to prevent the CHECK failure.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BIT-TENSORFLOW-2022-35969

CVE-2022-35969

GHSA-Q2C3-JPMC-GFJX

OPENSUSE-SU-2024:12355-1

Affected Products

Tensorflow

CVE-2022-35969

Weakness Enumeration

Related Identifiers

Affected Products

References · 10